Hawkes: State organisations have 'scant regard' for data protection

The Data Protection Commissioner has warned state bodies they face a crackdown unless they overhaul the way they treat personal data, accusing them of eroding public trust.

The warning came in the latest annual report issued by the data Protection Commissioner (DPC), in which Commissioner Billy Hawkes revealed that there was a record number of investigations opened by his office last year following complaints by people being blocked from accessing their own personal data held by organisations.

It also revealed that the activities of domestic data controllers — both in the private and public sectors — attracted most of the enquiries and complaints dealt with by the DPC last year.

Writing in the foreword of the report, Mr Hawkes said: “Our audits of State organisations have, in too many cases, shown scant regard by senior management to their duty to safeguard the personal data entrusted to them – a duty that is all the greater because of the legal obligation to provide such personal data to the State.

“Failure to treat personal data with respect can only lessen the trust that should exist between the individual and the State. It will also lead inevitably to more formal enforcement action by my Office unless system-wide action is taken to improve current practice.”

An audit of the Gardaí found “disturbing instances” of improper access by individual gardaí and also found that scheduled audits of accesses to the PULSE system, as provided for in the force’s Data Protection Code of Practice, had not been carried out.

As for commercial entities, Mr Hawkes said many complaints received by his office were due to “poor standards of customer service” and that “repeat failures in this area is a source of concern”.

The report also noted a growing issue of “staff moving from one employer to another and taking client data to their new employer”.